Data Harvesting SQL injections

Data harvesting SQL injections are a way of attacking a data-driven, SQL-based application by tricking it into sending the attacker data from the database. During this type of attack, the database engine is tricked into running extra commands, which are usually appended to legitimate SQL queries and stored procedures. This extra code harvests data from the database and sends it to the attacker. The extra SQL commands are usually added to a query sent from a client application that needs to receive data, usually a compromised web browser application.
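The following added example (not part of the original page) shows the mechanism described above on a constructed in-memory SQLite database: a query built by string concatenation lets client input become extra SQL, while the same query with a bound parameter treats the input purely as data. The table names, column names, function names and sample rows are all assumptions made for the illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory database (all rows are sample data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products  (id INTEGER PRIMARY KEY, name TEXT, category TEXT);
        CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT);
        INSERT INTO products  (name, category) VALUES
            ('kettle', 'kitchen'), ('lamp', 'lighting');
        INSERT INTO customers (email, card_last4) VALUES
            ('alice@example.test', '4242'), ('bob@example.test', '1881');
    """)
    return db

def search_concatenated(db, category):
    # Vulnerable form: the client-supplied value is pasted into the SQL text,
    # so anything after a closing quote is parsed by the engine as SQL.
    sql = "SELECT name, category FROM products WHERE category = '" + category + "'"
    return db.execute(sql).fetchall()

def search_parameterized(db, category):
    # Hardened form: the value is bound to a placeholder and is only ever
    # compared against the column, never parsed as SQL.
    sql = "SELECT name, category FROM products WHERE category = ?"
    return db.execute(sql, (category,)).fetchall()

# Constructed client input: a legitimate value followed by appended SQL.
APPENDED = "kitchen' UNION SELECT email, card_last4 FROM customers --"

def compare(category):
    """Run both query forms on the same input and return both result sets."""
    db = make_db()
    return {
        "concatenated": set(search_concatenated(db, category)),
        "parameterized": set(search_parameterized(db, category)),
    }

if __name__ == "__main__":
    for value in ("kitchen", APPENDED):
        result = compare(value)
        print(repr(value))
        print("  concatenated :", sorted(result["concatenated"]))
        print("  parameterized:", sorted(result["parameterized"]))
```

With the appended input, the concatenated query returns rows from the customers table alongside the product row, while the parameterized query returns nothing because no product has that literal category string.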